Wireless communications technologies are frequently used for a wide variety of applications, such as remote controls, wireless network connections of computers, e-commerce applications or the like. In many applications it is desired to establish a secure communications link between two communications devices. This may for example be desired in order to minimise the risk of unauthorised use or misuse or the risk of unauthorised retrieval of information transmitted via the communications link. Hence, effective authentication and encryption schemes are desired in order to mutually authenticate the devices participating in a communication, and to be able to encrypt the information transmitted via a communications link.
An example of a wireless communications technology is the Wireless Application Protocol (WAP), which enables mobile communications devices to access the Internet. The WAP protocol is a layered protocol with a wireless datagram protocol (WDP) as the lowest layer, layered on top of a network layer and a bearer service which provide the wireless data link between a WAP client and a WAP server. Examples of bearer services include CDPD in an analogue cellular system, SMS and GPRS in a GSM cellular system, Bluetooth, one-way and two-way paging.
The Bluetooth technology is an example of a short-range wireless communications technology. The Bluetooth technology enables different units to communicate at a high speed and may be used in a variety of applications including ad-hoc networks of computers and other electronic equipment, e-commerce applications where a portable electronic user communications device may be used as an electronic ticket or key. The user communications device, e.g. a mobile phone, may connect to a service communications device which may grant or deny access to a location or a service.
In many of these applications there is a need for a fast authentication of the user communications device by the service communications device, in particular when the time necessary for the completion of an interaction between the user device and a service device should be kept as small as possible.
The Bluetooth standard (see “Specification of the Bluetooth system, Wireless connections made easy”, core version 1.0B, 1999, at http://www.Bluetooth.com) describes how to create security associations between Bluetooth units, how to authenticate units and how to encrypt Bluetooth links. Authentication and encryption are based on security keys generated by one or both of the units and exchanged during an initial pairing or initialisation procedure. However, the unit authentication and link encryption mechanisms require that the two communicating units have been paired, i.e. that an initialisation procedure has been performed and that they share a common secret link key. The pairing is performed based on a PIN value.
The Bluetooth specification suggests that the user may manually enter the PIN into the two devices. However, in order to achieve high security during the subsequent sessions the PIN value should be long as it is used as a basis for the generation of the secret link key. Consequently, this solution has the problem that the manual entering of a long PIN code is time consuming, and errors are likely to occur.
Alternatively, the Bluetooth specification suggests that the PIN value may be exchanged between two devices through means supported by software on the application layer, e.g. by a Diffie-Hellman key agreement. However, the Bluetooth specification does not indicate how this may be done. Furthermore, it is a problem of this prior art solution that a Diffie-Hellman key agreement alone does not provide sufficiently high security, especially for e-commerce applications, or other applications which require the exchange of sensitive data.
For the WAP protocol a standardised security protocol called Wireless Transport Layer Security (WTLS) has been described (see “Wireless Transport Layer Security (WTLS)” WAP forum, http://www.wapforum.org). The WTLS protocol may be used to create secure connections between a WAP client, e.g. a mobile telephone, and a WAP server, e.g. a WAP service provider.
Another known security solution for many secure transport applications in the Internet is the Transport Layer Security (TLS) solution (see T. Dierks and C. Allen, “The TLS Protocol Version 1.0”, IETF RFC 2246, ftp://ftp.isi.edu/in-notes/rfc2246.txt). The goal of the TLS protocol is to provide privacy and data integrity between two communicating applications. The TLS protocol is composed of two layers which my be layered on top of a reliable transport layer, such as TCP.
However, it is a disadvantage of these prior art methods that using the higher level security functions during communication requires an implementation of a WTLS or TLS server in the communicating Bluetooth units. This would imply additional storage and memory requirements.
It is a further disadvantage of these prior art methods that setting up a higher level communication, such as a WSP or http session with WTLS or TLS, between a client and a server takes a long time. This time may exceed the time available for an e-commerce interaction.
It is a further disadvantage of these prior art methods that they require a bearer protocol that supports WTLS or TLS, such as IP, to be available between the two Bluetooth units.
Hence, it is an object of the invention to provide a method and a system for a fast, efficient set-up of secure connections between wireless communication units.